Author Topic: JSP Execution  (Read 1001 times)

0 Members and 1 Guest are viewing this topic.

Offline sn0wm4n

  • /dev/null
  • *
  • Posts: 11
  • Cookies: 1
    • View Profile
JSP Execution
« on: February 20, 2014, 04:24:25 am »
I found a site that starts at a .jsp page. Deeper down there is an unsecured uploader. I've tried uploading a simple .jsp script to try to get it to execute but no matter what I do, I can't get it to render. I've tried different file extensions, hell I've even tried asp and php scripts but instead of anything rendering, they just download when you try to access them on the server. Now why would it respond to the first .jsp but not anyone uploaded ones?

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: JSP Execution
« Reply #1 on: February 20, 2014, 06:23:38 am »
So it look like it lacks the executeable flag .
You tried explicitly changing +x for the file ?
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline sn0wm4n

  • /dev/null
  • *
  • Posts: 11
  • Cookies: 1
    • View Profile
Re: JSP Execution
« Reply #2 on: February 20, 2014, 06:39:18 am »
So it look like it lacks the executeable flag .
You tried explicitly changing +x for the file ?


I haven't but I thought that it was irrelevant since scripts like that are only read by the php or httpd or whatever servers and not executed like a script would be. Is that incorrect?

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: JSP Execution
« Reply #3 on: February 20, 2014, 07:15:40 am »

I haven't but I thought that it was irrelevant since scripts like that are only read by the php or httpd or whatever servers and not executed like a script would be. Is that incorrect?
As long as they don't have that executeable flag nothing is gonna happen, that is correct.
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline sn0wm4n

  • /dev/null
  • *
  • Posts: 11
  • Cookies: 1
    • View Profile
Re: JSP Execution
« Reply #4 on: February 20, 2014, 09:20:37 pm »
I just tried a php script on my server and it still renders the php correctly even when its not the +x flag isn't set for anyone. rw-rw-rw still renders fine. Is that different for JSP?